Escape curl command to fix XSS vulnerability.

This commit is contained in:
joev
2016-01-12 23:31:59 -06:00
parent 3abf8d2c0d
commit 331d2be070
3 changed files with 13 additions and 13 deletions

dist/swagger-ui.js vendored

@@ -25926,7 +25926,7 @@ SwaggerUi.Views.OperationView = Backbone.View.extend({
// adds curl output
var curlCommand = this.model.asCurl(this.map, {responseContentType: contentType});
curlCommand = curlCommand.replace('!', '!');
$( 'div.curl', $(this.el)).html('<pre>' + curlCommand + '</pre>');
$( 'div.curl', $(this.el)).html('<pre>' + _.escape(curlCommand) + '</pre>');
// only highlight the response if response is less than threshold, default state is highlight response
var opts = this.options.swaggerOptions;



@@ -704,7 +704,7 @@ SwaggerUi.Views.OperationView = Backbone.View.extend({
// adds curl output
var curlCommand = this.model.asCurl(this.map, {responseContentType: contentType});
curlCommand = curlCommand.replace('!', '&#33;');
$( 'div.curl', $(this.el)).html('<pre>' + curlCommand + '</pre>');
$( 'div.curl', $(this.el)).html('<pre>' + _.escape(curlCommand) + '</pre>');
// only highlight the response if response is less than threshold, default state is highlight response
var opts = this.options.swaggerOptions;
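Review bot: Wrapping curlCommand in `_.escape` on the new `.html(...)` line also escapes the `&` of the `&#33;` entity inserted by the preceding `curlCommand.replace('!', '&#33;')`, so the first `!` of the command now renders as a literal `&#33;` instead of `!`. That replace line only ever touches the first match (string pattern, no `/g`) and is made pointless as an entity once escaping happens afterwards; either drop it, or, if the entity is still wanted for display, apply it after escaping: `$( 'div.curl', $(this.el)).html('<pre>' + _.escape(curlCommand).replace(/!/g, '&#33;') + '</pre>');`. A short comment above the call, such as `// escape before inserting: curlCommand is built from user-controlled spec/parameter values`, would record why `_.escape` must stay. The same line pair appears in the vendored dist/swagger-ui.js hunk above and should be regenerated from this source rather than edited separately. The enclosing view method starts and ends outside the hunk.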